This guide provides an overview of Docker Content Trust and some quick familiarization exercises. Docker Content Trust was introduced in Docker Engine 1.8 and Docker CS Engine 1.9.0 and is available in Docker EE.

Docker Content Trust (DCT) provides strong cryptographic guarantees over what code and what versions of software are being run in your infrastructure. Docker Content Trust integrates The Update Framework (TUF) into Docker using Notary, an open source tool that provides trust over any content.

When a publisher using Docker Content Trust pushes an image to a remote registry, Docker Engine signs the image locally with the publisher’s private key. When a user later pulls this image, Docker Engine uses the publisher’s public key to verify that the image is exactly what the publisher created, has not been tampered with, and is up to date.
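
The sign-on-push and verify-on-pull flow described above, as an added example that is not code from Docker or Notary: a simplified Python model of the three client-side checks (publisher signature, image integrity, freshness). The metadata layout, the function names, and the toy RSA key are assumptions made for illustration; real DCT uses Notary's TUF metadata and production signature schemes.

```python
import hashlib
import json

# Toy textbook RSA over two Mersenne primes, used only to show the
# private/public key split. NOT secure and NOT what Notary uses.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # publisher's private exponent

def digest_int(data: bytes) -> int:
    """SHA-256 of data as an integer reduced into the toy key's range."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def publish(tag: str, image: bytes, expires: int):
    """Publisher: sign metadata binding the tag to the image digest and an expiry."""
    meta = json.dumps({"tag": tag, "expires": expires,
                       "sha256": hashlib.sha256(image).hexdigest()},
                      sort_keys=True).encode()
    return meta, pow(digest_int(meta), D, N)   # signing needs the private D

def verify_pull(meta: bytes, sig: int, image: bytes, now: int) -> str:
    """Client: verify with the public key (N, E) only, in three steps."""
    if pow(sig, E, N) != digest_int(meta):
        return "bad signature"          # metadata did not come from the publisher
    record = json.loads(meta)
    if hashlib.sha256(image).hexdigest() != record["sha256"]:
        return "image tampered"         # bytes differ from what was signed
    if now >= record["expires"]:
        return "metadata expired"       # stale metadata, possibly a replay
    return "ok"

if __name__ == "__main__":
    # Constructed sample data: image bytes and integer timestamps.
    image = b"constructed-image-layers"
    meta, sig = publish("example/app:1.0", image, expires=2000)
    print(verify_pull(meta, sig, image, now=1000))
    print(verify_pull(meta, sig, image + b"!", now=1000))
    print(verify_pull(meta.replace(b"1.0", b"9.9"), sig, image, now=1000))
    print(verify_pull(meta, sig, image, now=3000))
```

The expiry field stands in for TUF's freshness guarantee: a validly signed but old record is rejected, so a registry cannot keep serving a superseded image under a current tag.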

More details about the internals of DCT can be found in the Docker Blog.